CVE-2021-40067

MEDIUM Year: 2021
CVSS v3 Score
6.8
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.

Related Vulnerabilities

CVE-2017-7307

MEDIUM
CVSS:6.8(Medium)

Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by ...

CWE-7322017

CVE-2018-12259

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise.

CWE-7322018

CVE-2018-20007

MEDIUM
CVSS:6.8(Medium)

Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data,...

CWE-7322018

CVE-2024-27108

MEDIUM
CVSS:6.8(Medium)

Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products

CWE-7322024

CVE-2024-47104

MEDIUM
CVSS:6.8(Medium)

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without...

CWE-7322024

CVE-2018-1203

MEDIUM
CVSS:6.7(Medium)

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being r...

CWE-7322018